This made it difficult to look at the code. It also uses a previously unknown vulnerability in Android that allowed it to take control of and maintain a foothold on infected Android devices. Kaspersky has contacted Google regarding the malware and the alleged vulnerabilities in Android. The malware, dubbed Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan.” It is an SMS Trojan, whichsends short message service (SMS) messages to premium numbers. SMS Trojans are the most common form of mobile malware.
According to the report, the Obad authors discovered and exploited a previously unknown vulnerability in the Android OS relating to how Android processes a file called AndroidManifest.xml, a standard component of all applications that describes the application’s structure and operation to the operating system. According to Kaspersky, Obad ”modifies AndroidManifest.xml in such a way that it does not comply with Google standards, but is still correctly processed on a smartphone.”
A second vulnerability allowed Obad’s authors to obtain extended Device Administrator privileges on infected devices, without appearing on the list of applications which have such privileges. As a result, Unuchek said that it wasn’t possible to delete Obad from the infected Android device after it gained the extended privileges.
Obad malware collects a wealth of information from the device, which is passed back to Internet-based command and control (C&C) servers, Kaspsersky said.